Re: [PATCH] crypto: algif_aead - Prevent async UAF on early socket close
From: Herbert Xu
Date: Mon May 11 2026 - 01:32:42 EST
On Sun, May 10, 2026 at 09:05:57PM +0700, yuri08 wrote:
> When an AEAD request falls back to the asynchronous software path (e.g.,
> cryptd), the Crypto API returns -EINPROGRESS and control returns to
> user-space. If user-space immediately closes the socket fd, the memory
> mapping for the RX SGL (req->dst) provided via recvmsg is torn down
> while the cryptd workqueue is still actively writing to it (e.g., during
> authenc_esn_decrypt ESN scratch writes).
>
> To mitigate this race condition without adding complex pinning mechanisms,
> we utilize the crypto backlog capability. By adding
> CRYPTO_TFM_REQ_MAY_BACKLOG to the async callback flags, we ensure that
> the crypto core properly serializes the request completion, preventing
> the socket resources from being released by af_alg_release() while the
> workqueue is still processing the destination buffers.
>
> Fixes: a664bf3d603d ("crypto: algif_aead - Revert to operating out-of-place")
> Signed-off-by: NGUYEN TUAN <nvt031@xxxxxxxxx>
> ---
> crypto/algif_aead.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
> index cb651ab58d62..123456789abcd 100644
> --- a/crypto/algif_aead.c
> +++ b/crypto/algif_aead.c
> @@ -229,7 +229,8 @@ static int _aead_recvmsg(struct socket *sock, struct
> msghdr *msg,
> areq->outlen = outlen;
>
> aead_request_set_callback(&areq->cra_u.aead_req,
> - CRYPTO_TFM_REQ_MAY_SLEEP,
> + CRYPTO_TFM_REQ_MAY_SLEEP |
> + CRYPTO_TFM_REQ_MAY_BACKLOG,
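Review bot: the one-line change in this hunk does not address the lifetime problem the commit message describes. CRYPTO_TFM_REQ_MAY_BACKLOG only tells the backend that it may queue the request instead of failing with -EBUSY when its queue is full; it takes no reference on the socket and does nothing to keep req->dst (the RX SGL) alive, so af_alg_release() can still tear the mapping down while the cryptd work is writing to it, exactly as before. If the race is real on the kernel in question, the fix has to keep a socket reference across the asynchronous completion (or otherwise defer the release until the callback has run), not change the queueing flag. Two mechanical problems as well: `index cb651ab58d62..123456789abcd` does not look like a real blob id, and the hunk stops in the middle of the aead_request_set_callback() call with no trailing context lines, so the patch as posted will not apply; please regenerate it with git format-patch and send it to the list rather than in private.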
This patch makes no sense. We got rid of MAY_BACKLOG back in 2020
specifically because it causes the kind of problems that you're
reporting.
On a modern kernel, the socket reference is meant to keep the socket
from releasing its data prematurely. The socket reference is only
dropped after completion.
Is it possible that you're using some ancient kernel dating from
the 2010's? Because from the context of the patch that you sent
in private, it appears to indicate that MAY_BACKLOG was still
being used.
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
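The point in Herbert's reply (an in-flight request holds a reference on the socket, and that reference is dropped only after the completion runs, so closing the fd early cannot free the RX buffer underneath the work queue) can be illustrated with a user-space model. This is an added example; it is not kernel code and not part of the patch or the thread. Every name in it (alg_sock, alg_req, alg_recvmsg_async, alg_release, alg_complete, sock_hold, sock_put) is a hypothetical stand-in for the kernel objects, and the -EINPROGRESS return, the "workqueue" and the use-after-free detection are all modelled, not real.

```c
/* Added example, not kernel code: a model of the socket-reference rule for
 * asynchronous AF_ALG completions.  All names are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RX_LEN 16
#define MODEL_EINPROGRESS (-115)   /* mimics the kernel's -EINPROGRESS */

/* Model of the socket: a refcount and the user-supplied RX buffer (req->dst). */
struct alg_sock {
    int refcnt;
    unsigned char *rx_buf;   /* freed when refcnt drops to zero */
    int rx_freed;            /* model flag: rx_buf has been freed */
    int uaf_writes;          /* completions that wrote into a freed buffer */
};

/* One asynchronous request queued on the model "workqueue". */
struct alg_req {
    struct alg_sock *sk;
    int holds_ref;           /* 1: the request pinned the socket (correct model) */
    int pending;
};

static struct alg_sock *sock_create(void)
{
    struct alg_sock *sk = calloc(1, sizeof(*sk));
    sk->refcnt = 1;                          /* the fd's own reference */
    sk->rx_buf = malloc(RX_LEN);
    return sk;
}

static void sock_hold(struct alg_sock *sk) { sk->refcnt++; }

static void sock_put(struct alg_sock *sk)
{
    if (--sk->refcnt == 0) {                 /* last reference: release rx_buf */
        free(sk->rx_buf);
        sk->rx_buf = NULL;
        sk->rx_freed = 1;
    }
}

/* recvmsg() going down the async path: the request is queued and the caller
 * gets -EINPROGRESS.  With pin_socket the request takes its own reference. */
static int alg_recvmsg_async(struct alg_sock *sk, struct alg_req *req, int pin_socket)
{
    req->sk = sk;
    req->pending = 1;
    req->holds_ref = pin_socket;
    if (pin_socket)
        sock_hold(sk);
    return MODEL_EINPROGRESS;
}

/* close(fd): drops only the fd's reference; the socket data survives as long
 * as someone else still holds one. */
static void alg_release(struct alg_sock *sk) { sock_put(sk); }

/* Work-queue completion: writes the output into rx_buf, then drops the
 * request's reference.  A real kernel would silently corrupt freed memory
 * here; the model counts the bad write instead.  Returns 0 or -1. */
static int alg_complete(struct alg_req *req)
{
    struct alg_sock *sk = req->sk;
    int rc = 0;

    if (!req->pending)
        return 0;
    req->pending = 0;
    if (sk->rx_freed) {
        sk->uaf_writes++;
        rc = -1;
    } else {
        memset(sk->rx_buf, 0xAB, RX_LEN);    /* the "decrypted" output */
    }
    if (req->holds_ref)
        sock_put(sk);                        /* dropped only after completion */
    return rc;
}

/* Scenario from the report: recvmsg returns -EINPROGRESS, user space closes
 * the fd at once, and the work queue completes afterwards.  Returns the
 * number of writes that hit a freed buffer; *freed_at_close tells whether
 * rx_buf was already gone when the completion ran. */
static int run_early_close(int pin_socket, int *freed_at_close)
{
    struct alg_sock *sk = sock_create();
    struct alg_req req;
    int uaf;

    alg_recvmsg_async(sk, &req, pin_socket);
    alg_release(sk);                         /* close() right after -EINPROGRESS */
    *freed_at_close = sk->rx_freed;
    alg_complete(&req);                      /* cryptd work runs later */
    uaf = sk->uaf_writes;
    if (!sk->rx_freed)
        free(sk->rx_buf);                    /* cleanup for the model only */
    free(sk);
    return uaf;
}

int main(void)
{
    int freed;
    printf("unpinned: uaf writes = %d (buffer freed at close: %d)\n",
           run_early_close(0, &freed), freed);
    printf("pinned:   uaf writes = %d (buffer freed at close: %d)\n",
           run_early_close(1, &freed), freed);
    return 0;
}
```

The pinned variant is the discipline Herbert refers to: the request's reference keeps rx_buf alive past close(), and the buffer is released when the completion callback drops that reference. The unpinned variant is the race in the report, and adding a queueing flag such as MAY_BACKLOG to the unpinned path would not change its outcome, because nothing in that path holds the socket.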